Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sandysanthosh/spring-boot-security

Spring boot security
https://github.com/sandysanthosh/spring-boot-security

maven security spring springboot

Last synced: 6 days ago
JSON representation

Spring boot security

Host: GitHub
URL: https://github.com/sandysanthosh/spring-boot-security
Owner: sandysanthosh
License: mit
Created: 2019-10-04T17:21:55.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2023-01-29T15:50:14.000Z (almost 2 years ago)
Last Synced: 2023-03-04T17:47:25.682Z (over 1 year ago)
Topics: maven, security, spring, springboot
Language: Java
Homepage: https://sandysanthosh.github.io/Spring-Boot-Security/
Size: 66.4 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # spring-basic-security

Spring Security : Basic Authentication and Authorization  using spring boot

In a Spring Boot application, you can double check that a user is authenticated by using Spring Security. One way to do this is to create a custom filter that checks if the user is authenticated and has the necessary roles or permissions to access a certain resource. You can then configure your application to use this filter for specific URLs or request types. Additionally, you can use the **SecurityContextHolder** to check if the current user is authenticated and has the necessary roles or authorities. You can also use the **@PreAuthorize** and **@PostAuthorize** annotations to check the authentication and authorization of a user before or after a method is called.

Dependency:

```

DevTools

Secutiry 

Web

```

### Example:

```

@SuppressWarnings("deprecation")

@configuration

public class springsecurity extends WebSecurityConfigureAdapter{

@Override

protected void configure(AuthenticationManagerBuilder auth) throws exception {

auth.inMemoryAuthentication().withUser("Java Techie").password("Password").roles("ADMIN");

auth.inMemoryAuthentication().withUser("Basant").password("Password2").roles("USER");

}

//Security for all API

@Override

	protected void configure(HttpSecurity http) throws Exception {

		http.csrf().disable();

		http.authorizeRequests().antMatchers("/rest/**").hasAnyRole("ADMIN").anyRequest().fullyAuthenticated().and()

				.httpBasic();

	}

@Bean

	public static NoOpPasswordEncoder passwordEncoder() {

		return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();

	}

}

    

```    

    

   

    

    

   #### custom filter that checks if a user is authenticated and has the necessary role to access a certain resourc:

   

   

```   

   

   import java.io.IOException;

import javax.servlet.FilterChain;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.web.filter.GenericFilterBean;

public class AuthenticationFilter extends GenericFilterBean {

    @Override

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)

            throws IOException, ServletException {

        Authentication authentication = TokenAuthenticationService

                .getAuthentication((HttpServletRequest) request);

        SecurityContextHolder.getContext().setAuthentication(authentication);

        filterChain.doFilter(request, response);

    }

}

```

This filter uses the **TokenAuthenticationService** to extract the authentication information from the request and sets it in the **SecurityContextHolder**. You can then configure your application to use this filter for specific URLs or request types.

Here is an example of using the **@PreAuthorize** and **@PostAuthorize** annotations to check the authentication and authorization of a user before or after a method is called:

```

@PreAuthorize("hasRole('ROLE_ADMIN')")

@PostAuthorize("hasRole('ROLE_USER')")

public void getResource() {

    //resource logic

}

```

This code checks if the user has the role of ROLE_ADMIN before the method is executed and if the user has the role of ROLE_USER after the method is executed.

In addition to this you can also use following code to check authentication

```

@RequestMapping("/user")

public Principal user(Principal user) {

    return user;

}

```

This code returns the user details of the currently logged in user

Please note, this is only an example and you may need to adjust it to fit the specific needs of your application.